A web application developer must always follow a set of best practices to ensure that their web application is secure. If followed properly, these practices can put up a good fight against malicious content and attacks. Yet most applications lack these practices and are vulnerable to web threats. For some, the practices were not followed for lack of time; others had functional limitations, and others simply had a negligent attitude towards security. Whatever the reason, if the weakness is exploited to the core, the consequences can be damaging.
The basic best practices you must follow in your web application are -
- Parameterized Queries: If your application deals with SQL, always write parameterized queries or prepared statements. This can save your application from SQL injection; in other words, it does not allow an attacker to alter your dynamic queries.
- Save sensitive data securely: If your application stores sensitive files such as customer information, always store such files outside of the webroot. If a limitation of your application does not allow you to do so, explicitly make sure to secure them using encryption.
- Check for buffer overflows: Always make sure that every buffer is sized for the data written into it, so that the flow of your application cannot be choked by anyone with bad intent. Efficient memory management should always be a must-consideration.
- Proper error handling: One common strategy used by hackers is to make your web application fail and harvest information from the error shown in the browser. So make sure that your web application has a proper error-handling mechanism which prevents leakage of any internal information even when it fails.
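The following added example (written for this post, not code from the original article or from HackVidhi) illustrates the first and last points together in a small Python handler backed by an in-memory SQLite database. The `users` table and its rows are constructed for the demonstration, and `handle_lookup` is a hypothetical stand-in for a real web framework's request handler. The vulnerable lookup builds SQL by string concatenation, so a crafted username changes the query; the parameterized lookup passes the value separately, so the same input simply matches nothing. The handler sends any failure's details to the server log and returns a generic message to the browser.

```python
import logging
import sqlite3

log = logging.getLogger("app")


def make_db():
    """Build a constructed sample database (assumption: layout is ours, not the page's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Dynamic query built by concatenation: the input becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """Prepared statement: the '?' placeholder is bound to the value by the driver,
    so the input is never parsed as SQL and cannot alter the query."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def handle_lookup(conn, username, query_fn=find_user_parameterized):
    """Hypothetical request handler returning (http_status, response_body).

    Full failure details (exception type, message, traceback) go to the
    server-side log only; the client gets a fixed, uninformative message.
    """
    try:
        rows = query_fn(conn, username)
    except Exception:
        log.exception("user lookup failed for input %r", username)
        return 500, "An internal error occurred."
    body = ", ".join(f"{user} <{email}>" for user, email in rows)
    return 200, body or "no such user"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input that breaks out of a quoted literal
    print("concatenated:", find_user_vulnerable(db, probe))      # every row leaks
    print("parameterized:", find_user_parameterized(db, probe))  # no match
    print("error path:", handle_lookup(db, "'", find_user_vulnerable))
```

Run it as a script to see the two lookups side by side; the error-path line shows that a malformed query still yields only the generic message, while the traceback lands in the log where an operator can read it.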
At HackVidhi, we help you understand these practices better. Along with all of our security testing services, you can take advantage of a free consultation to make your website or web application secure, and we will also provide you with a set of customized best practices tailor-made for your application. We believe in not only providing our clients the best services but also enriching their knowledge in the area of web security.
- Richa